Thoughts, information and reflections about technology

Securing your WordPress site

Just because you are paranoid doesn’t mean they aren’t out to get you.

My phone started getting a rash of incoming email from 2 WordPress sites I had recently launched. The emails were from WordFence, a WordPress security program. WordFence was identifying brute force attacks from Russia, Poland, China and other countries. As it identified the attacks, it locked the IP of the attacker and notified me.

The default settings were to lock the IP for five minutes after 20 incorrect login attempts. I changed that to lock out for one hour, given 7 bad attempts within one hour.

Wordfence has a free and pro version. If you are running a WordPress site, it is imperative to have some type of protection, especially against brute force password attacks.  In a worst case scenario, the attackers will get lucky and guess the admin password. Even in a best case scenario, the repeated login attempts consume resources.

A quick look at the logs showed that the hackers had found the two sites and were making repeated attempts to find an admin password.

For more information or to download the plugin, visit the WordFence Plugin Page.

Similar Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact me